| Titel | Authentication bypass via SQLi |
|---|
| Beschreibung | It is possible to bypass authentication in the COVID-19 Directory application and gain access as the administrator user, resulting in privilege escalation and leaking of PII. I have detailed the steps to reproduce in the advisory link.
Step 1) Visit the /admin page
Step 2) Use thew following SQLi payload in the 'username' field: admin'or 1=1 or ''='
This gives the attacker admin access.
|
|---|
| Quelle | ⚠️ https://medium.com/@shaunwhorton/authentication-bypass-and-xss-in-covid-19-directory-system-c5a126e156f1 |
|---|
| Benutzer | swhorton (UID 26133) |
|---|
| Einreichung | 12.04.2022 11:19 (vor 4 Jahren) |
|---|
| Moderieren | 12.04.2022 11:45 (26 minutes later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 196882 [NCDC Covid-19 Directory on Vaccination /admin Benutzername SQL Injection] |
|---|
| Punkte | 19 |
|---|